Skip to content

quinn-proto 0.11.14

Latest
Latest

Choose a tag to compare

View all tags
@djc djc released this 09 Mar 10:33
· 149 commits to main since this release
quinn-proto-0.11.14
This tag was signed with the committer’s verified signature.
djc Dirkjan Ochtman
SSH Key Fingerprint: Nek/oTQkBpjde4wx0GVl9zJkmMae8M65edoqmLdafUE
Verified
Learn about vigilant mode.
2c315aa

@jxs reported a denial of service issue in quinn-proto 5 days ago:

We coordinated with them to release this version to patch the issue. Unfortunately the maintainers missed these issues during code review and we did not have enough fuzzing coverage -- we regret the oversight and have added an additional fuzzing target.

Organizations that want to participate in coordinated disclosure can contact us privately to discuss terms.

What's Changed

  • Fix over-permissive proto dependency edge by @Ralith in #2385
  • 0.11.x: avoid unwrapping VarInt decoding during parameter parsing by @djc in #2559

Contributors

Ralith, djc, and jxs
Assets 2
Loading